Pls help! - Desktop/Taskbar disappear - 7 instances of svchost
Well, the methods I referred to in my earlier post will solve your problem. What actions have you taken?
On the other hand, as I've advised many others, cut-your-losses time is the fastest way to resolution. Do remember to totally zap your HDD.
Good luck.
Suspishio
My advice is at your risk
Qosmio G50-10H; T9400 2.53GHz Core 2 Duo; 4GB RAM; Vista HP (32)
nForce 680i LT; Q6600 Quad Core 2.4GHz; 8GB RAM; XP Pro (64)
Dell XPS M1710; T7200 2GHz Core 2 Duo; 2GB RAM; XP Pro (32)
Join Date: Nov 2007
Posts: 13
Reputation:
Solved Threads: 0
I seem to have fixed the problem of my explorer.exe crashing. I downloaded RegRun and SuperAntiSpyWare which I think did the trick. HOWEVER, since then I have had another problem of my CPU often running at 100%, sometimes taking 3-5 mins to open Task Manager! Something is seriously slowing me down and I can't quite work it out.
I have noticed that I have a couple of instances of rundll32.exe running and I have read on other forums that this could be a virus. If I end these processes they go away and things seem to be ok, but they come back so I suspect it is a virus.
So far I have updated all my databases, run Kaspersky to neutralise threats, downloaded and installed SpyBlaster, DL/installed SpyBot (for some reason I didn't have it but thought I did!) and about to run Ad-aware.
I will post my HJT log after I close IE. If someone could pls have a look at it?
By the way, thanks for your kind help Suspishio. I'm not about to give up on this and reload Windows.... not just yet
Join Date: Nov 2007
Posts: 13
Reputation:
Solved Threads: 0
This is where I have been getting my most recent info -> http://www.techsupportforum.com/secu...tml#post948178
Join Date: Nov 2007
Posts: 13
Reputation:
Solved Threads: 0
Logfile of HijackThis v1.99.1
Scan saved at 3:42:23 PM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daniweb.com/forums/post47...tml#post474276
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {162C6BC2-E852-4D45-B139-E8A6737F1054} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe
O4 - HKLM\..\Run: [@RegRunOnSecure] C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2006\spy.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Bytescout SWF To Video Scout - {ED67D390-1DBC-4A3A-A92E-289D4729335B} - C:\Program Files\Bytescout SWF To Video Scout\flashextract.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iifggde - C:\WINDOWS\
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
I'm sure you have a Virtumonde infection.
---------------------------------------------------------
O2 - BHO: (no name) - {162C6BC2-E852-4D45-B139-E8A6737F1054} - (no file)
O2 - BHO: (no name) - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - (no file)
---------------------------------------------------------
Whenever you reboot, it renames/reproduces itself and none of the removal tools work fully unless they run in isolation of each other (i.e. others are unloaded when running one).
Also the current instance can't be removed while it's running.
Anyway, the below link was an end-to-end fix for Virtumonde with the same registry keys as you showed. So if you're not ready to reinstall, I guess this is your last hope:
http://www.bleepingcomputer.com/foru...117263-15.html
Suspishio
My advice is at your risk
Qosmio G50-10H; T9400 2.53GHz Core 2 Duo; 4GB RAM; Vista HP (32)
nForce 680i LT; Q6600 Quad Core 2.4GHz; 8GB RAM; XP Pro (64)
Dell XPS M1710; T7200 2GHz Core 2 Duo; 2GB RAM; XP Pro (32)
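
The check made in the reply above, picking the two nameless `(no file)` BHO lines out of the HijackThis log, can be done mechanically. This is an added example, not code from the thread or from HijackThis: the sample lines are copied from the log posted earlier, while the rule names and the two extra heuristics (a Winlogon Notify entry with no DLL name, a target marked `(file missing)`) are assumptions of the example, and a hit is a line to review by hand, not a verdict.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\rundll32.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {162C6BC2-E852-4D45-B139-E8A6737F1054} - (no file)
O2 - BHO: (no name) - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iifggde - C:\WINDOWS\
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
"""

# "<section> - <kind>: <rest>", e.g. "O2 - BHO: ..." or "O20 - Winlogon Notify: ..."
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.*)$")
# Entries that carry a CLSID: "<name> - {CLSID} - <target>". The CLSID is used
# as the anchor because display names may themselves contain " - ".
CLSID_RE = re.compile(
    r"^(?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r" - (?P<target>.*)$"
)


class Entry(NamedTuple):
    section: str          # HijackThis section code, e.g. "O2"
    kind: str             # e.g. "BHO", "Winlogon Notify"
    name: str
    clsid: Optional[str]  # upper-cased, None when the entry has no CLSID
    target: str           # file path or marker such as "(no file)"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, process paths and R lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    c = CLSID_RE.match(rest)
    if c:
        return Entry(m["section"], m["kind"], c["name"], c["clsid"].upper(), c["target"])
    # No CLSID: the text after the last " - " is the target (all of it if absent).
    name, _, target = rest.rpartition(" - ")
    return Entry(m["section"], m["kind"], name, None, target)


def classify(e: Entry) -> Optional[str]:
    """Return a rule name (names are this example's own) or None."""
    # The pattern the reply points at: a BHO registration with no file behind it.
    if e.section == "O2" and e.target == "(no file)":
        return "orphaned-bho"
    # Assumption of this example: a notify package should name a DLL, so a
    # target that is empty or a bare directory is worth a manual look.
    if e.section == "O20" and (not e.target or e.target.endswith("\\")):
        return "notify-without-dll"
    # Informational: HijackThis could not find the file the entry points to.
    if e.target.endswith("(file missing)"):
        return "file-missing"
    return None


def triage(log_text: str) -> List[Tuple[str, Entry]]:
    """Return (rule, entry) pairs for every flagged line, in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        rule = classify(entry)
        if rule:
            findings.append((rule, entry))
    return findings


if __name__ == "__main__":
    for rule, e in triage(SAMPLE_LOG):
        print(f"{rule:20} {e.section:4} {e.name!r} {e.clsid or '-'} -> {e.target}")
```
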
Join Date: Nov 2007
Posts: 13
Reputation:
Solved Threads: 0
ComboFix 07-12-02.6 - Owner 2007-12-05 11:24:03.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.593 [GMT 11:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\Common Files\sks~1
C:\Program Files\Common Files\sks~1\??sks\
C:\Program Files\sembly~1
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\WINDOWS\b128.exe.bin
C:\WINDOWS\mbols~1
C:\WINDOWS\system32\system
C:\WINDOWS\system32\system\msxml4.dll
C:\WINDOWS\system32\system\msxml4r.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\npf
((((((((((((((((((((((((( Files Created from 2007-11-05 to 2007-12-05 )))))))))))))))))))))))))))))))
.
2007-12-04 16:08 . 2007-12-04 16:08 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2007-12-04 16:07 . 2007-12-04 16:07 <DIR> d-------- C:\Program Files\Uniblue
2007-12-04 09:59 . 2007-12-04 11:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-04 03:19 . 2007-12-04 03:22 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-02 09:56 . 2007-12-02 09:56 <DIR> d-------- C:\Program Files\GigaByte
2007-12-02 09:04 . 2007-12-05 11:02 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2007-12-02 09:03 . 2007-12-02 09:03 31,170 --a------ C:\WINDOWS\system32\drivers\Partizan.sys
2007-12-02 09:03 . 2007-12-02 09:03 22,528 --a------ C:\WINDOWS\system32\Partizan.exe
2007-12-02 09:03 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2007-12-02 09:02 . 2007-12-02 09:02 <DIR> d-------- C:\Program Files\Greatis
2007-11-23 11:37 . 2007-11-23 11:37 <DIR> d-------- C:\Documents and Settings\madKeen\Application Data\Windows Desktop Search
2007-11-23 11:35 . 2007-12-04 11:55 <DIR> d-------- C:\Program Files\Windows Desktop Search
2007-11-23 10:11 . 2007-11-23 10:11 <DIR> d-------- C:\Documents and Settings\madKeen\Application Data\SUPERAntiSpyware.com
2007-11-23 00:24 . 2007-11-23 00:24 <DIR> d-------- C:\Documents and Settings\madKeen\Application Data\Logitech
2007-11-23 00:23 . 2007-11-23 00:23 <DIR> d-------- C:\Documents and Settings\madKeen\Application Data\PC Suite
2007-11-21 10:03 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-21 02:00 . 2007-12-05 10:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-21 02:00 . 2007-11-21 02:00 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-11-21 02:00 . 2007-11-21 02:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-21 01:00 . 2007-11-21 01:00 <DIR> d-------- C:\VundoFix Backups
2007-11-21 00:56 . 2007-11-21 00:56 6,656 --ahs---- C:\WINDOWS\system32\Thumbs.db
2007-11-20 23:53 . 2007-11-20 23:55 <DIR> d-------- C:\ProcExp
2007-11-20 23:39 . 2007-12-05 11:20 <DIR> d-------- C:\HiJackThis
2007-11-20 21:31 . 2007-11-20 23:36 <DIR> d-------- C:\Program Files\HijackThis 1.99.1
2007-11-18 19:56 . 2007-12-02 08:37 139,402 --ahs---- C:\WINDOWS\system32\nqtss.ini2
2007-11-18 19:56 . 2007-12-02 08:39 137,233 --ahs---- C:\WINDOWS\system32\nqtss.ini
2007-11-14 02:49 . 2007-11-20 21:35 <DIR> d--hs---- C:\found.001
2007-11-05 14:24 . 2007-11-05 14:24 <DIR> d-------- C:\Program Files\ffdshow
2007-11-05 14:24 . 2006-10-02 13:44 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-11-05 14:24 . 2006-08-05 12:06 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2007-11-05 13:53 . 2007-11-05 13:53 <DIR> d-------- C:\WINDOWS\system32\quicktime
2007-11-05 13:53 . 2007-11-05 13:53 <DIR> d-------- C:\Program Files\MP4 Video Player
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 00:27 294,944 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-05 00:27 11,483,168 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-05 00:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-05 00:01 28,532 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-05 00:01 154,604 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-03 16:27 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2007-12-03 11:12 --------- d-----w C:\Program Files\Google
2007-12-01 21:57 --------- d-----w C:\Program Files\TuneUp Utilities 2004
2007-11-20 23:54 --------- d-----w C:\Program Files\mIRC
2007-11-20 14:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-14 08:32 --------- d-----w C:\Program Files\Vstplugins
2007-11-14 06:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-31 02:03 --------- d-----w C:\Program Files\Build-A-Lot
2007-10-29 14:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
2007-10-29 14:16 --------- d-----w C:\Program Files\Yahoo! Games
2007-10-29 05:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2007-10-24 15:10 --------- d-----w C:\Program Files\PokerRoom.com
2007-10-24 14:19 --------- d-----w C:\Program Files\iTunes
2007-10-24 14:19 --------- d-----w C:\Program Files\iPod
2007-10-24 06:18 --------- d-----w C:\Program Files\Soulseek
2007-10-24 03:38 --------- d-----w C:\Program Files\YourWare Solutions
2007-10-24 02:32 --------- d-----w C:\Program Files\SpeedFan
2007-10-23 10:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-20 11:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-10-16 06:04 --------- d-----w C:\Program Files\Native Instruments
2007-10-14 19:57 --------- d-----w C:\Program Files\uTorrent
2007-10-14 11:42 --------- d-----w C:\Documents and Settings\Owner\Application Data\Bytescout SWF To Video Scout
2007-10-14 11:31 --------- d-----w C:\Program Files\Bytescout SWF To Video Scout
2007-10-12 09:15 --------- d-----w C:\Program Files\SourceTec
2007-10-12 09:15 --------- d-----w C:\Program Files\Common Files\SourceTec
2007-10-11 01:01 --------- d-----w C:\Program Files\Lavasoft
2007-10-10 17:26 82,061 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-10-10 17:26 81,549 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-10-10 15:57 --------- d-----w C:\Program Files\MSBuild
2007-10-08 03:40 --------- d-----w C:\Program Files\Kaspersky Lab
2007-10-06 08:01 --------- d-----w C:\Program Files\MagicISO
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-16 07:06 86,823 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_09_16_15_42_14_small.dmp.zip
2007-09-16 07:06 80,820 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_09_16_15_43_39_small.dmp.zip
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-11 03:35 23,620,680 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_09_10_21_45_39_full.dmp.zip
2007-08-27 00:20 18,605,072 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_08_26_20_54_16_full.dmp.zip
2007-08-27 00:20 132,946 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_26_20_48_59_small.dmp.zip
2007-04-12 08:17 76,952 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_04_12_15_31_31_small.dmp.zip
2007-04-12 08:17 70,487 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_04_12_15_31_23_small.dmp.zip
2006-11-27 12:46 1,024 -c--a-w C:\Documents and Settings\CDRWIN3\Cdrwin.dat
2000-11-30 13:00 970,752 -c--a-w C:\Documents and Settings\CDRWIN3\Cdrwin.exe
2000-11-30 13:00 82,864 -c--a-w C:\Documents and Settings\CDRWIN3\Cleanup.exe
2007-08-20 01:00 88 --sha-r C:\WINDOWS\system32\CA05B2109A.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{162C6BC2-E852-4D45-B139-E8A6737F1054}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 23:00 C:\WINDOWS\system32\rundll32.exe]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-07-04 07:17:35]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-08-29 11:40:23]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2005-05-12 08:33:09]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifggde]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdate]
C:\Program Files\Serials3k\s3k_autoupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SAVScan"=2 (0x2)
"ose"=3 (0x3)
"NNSvc"=2 (0x2)
"iPodService"=3 (0x3)
"Autodesk Licensing Service"=2 (0x2)
"Adobe LM Service"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
"PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
"USIUDF_Eject_Monitor"=C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
R0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys
R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 LUsbKbd;Logitech SetPoint USB Keyboard Filter;C:\WINDOWS\system32\Drivers\LUsbKbd.Sys
R3 RegGuard;RegGuard;\??\C:\WINDOWS\system32\Drivers\regguard.sys
S3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\system32\ASNDIS5.SYS
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys
S3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys
S3 pohci13F;pohci13F;\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\pohci13F.sys
S3 z10xbus;Sony Ericsson driver (WDM);C:\WINDOWS\system32\DRIVERS\z10xbus.sys
S3 z10xmdfl;Sony Ericsson USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z10xmdfl.sys
S3 z10xmdm;Sony Ericsson USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z10xmdm.sys
S3 z10xmgmt;Sony Ericsson USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z10xmgmt.sys
S3 z10xobex;Sony Ericsson USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z10xobex.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{146758a5-6b94-11da-ba05-000fb5dccb6b}]
\Shell\AutoRun\command - I:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b3e76f6-de91-11db-bc6c-0011d83b2e9c}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b3e76f7-de91-11db-bc6c-0011d83b2e9c}]
\Shell\AutoRun\command - H:\MntDrCore.exe
\Shell\Open\command - H:\MntDrCore.exe
\Shell\Open With...\command - H:\MntDrCore.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2459e6c-7772-11db-bbca-0011d83b2e9c}]
\Shell\AutoRun\command - MntDrCore.exe
\Shell\Open\command - MntDrCore.exe
\Shell\Open With...\command - MntDrCore.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6c67fd5-33a7-11dc-bd07-0011d83b2e9c}]
\Shell\AutoRun\command - MntDrCore.exe
\Shell\Open\command - MntDrCore.exe
\Shell\Open With...\command - MntDrCore.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe9bb20f-7efa-11dc-bdaa-101111111111}]
\Shell\AutoRun\command - MntDrCore.exe
\Shell\Open\command - MntDrCore.exe
\Shell\Open With...\command - MntDrCore.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-30 06:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
"2007-12-04 00:40:33 C:\WINDOWS\Tasks\1button.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
"2007-11-21 11:56:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 11:27:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-05 11:28:50
.
--- E O F ---
Join Date: Nov 2007
Posts: 13
Solved Threads: 0
2nd stage of ComboFix
ComboFix 07-12-02.6 - Owner 2007-12-05 11:55:27.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.616 [GMT 11:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\mcrh.tmp
.
((((((((((((((((((((((((( Files Created from 2007-11-05 to 2007-12-05 )))))))))))))))))))))))))))))))
.
2007-12-04 16:08 . 2007-12-04 16:08 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2007-12-04 16:07 . 2007-12-04 16:07 <DIR> d-------- C:\Program Files\Uniblue
2007-12-04 09:59 . 2007-12-04 11:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-04 03:19 . 2007-12-04 03:22 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-02 09:56 . 2007-12-02 09:56 <DIR> d-------- C:\Program Files\GigaByte
2007-12-02 09:04 . 2007-12-05 11:35 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2007-12-02 09:03 . 2007-12-02 09:03 31,170 --a------ C:\WINDOWS\system32\drivers\Partizan.sys
2007-12-02 09:03 . 2007-12-02 09:03 22,528 --a------ C:\WINDOWS\system32\Partizan.exe
2007-12-02 09:03 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2007-12-02 09:02 . 2007-12-02 09:02 <DIR> d-------- C:\Program Files\Greatis
2007-11-23 11:37 . 2007-11-23 11:37 <DIR> d-------- C:\Documents and Settings\madKeen\Application Data\Windows Desktop Search
2007-11-23 11:35 . 2007-12-04 11:55 <DIR> d-------- C:\Program Files\Windows Desktop Search
2007-11-23 10:11 . 2007-11-23 10:11 <DIR> d-------- C:\Documents and Settings\madKeen\Application Data\SUPERAntiSpyware.com
2007-11-23 00:24 . 2007-11-23 00:24 <DIR> d-------- C:\Documents and Settings\madKeen\Application Data\Logitech
2007-11-23 00:23 . 2007-11-23 00:23 <DIR> d-------- C:\Documents and Settings\madKeen\Application Data\PC Suite
2007-11-21 10:03 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-21 02:00 . 2007-12-05 10:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-21 02:00 . 2007-11-21 02:00 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-11-21 02:00 . 2007-11-21 02:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-21 01:00 . 2007-11-21 01:00 <DIR> d-------- C:\VundoFix Backups
2007-11-21 00:56 . 2007-11-21 00:56 6,656 --ahs---- C:\WINDOWS\system32\Thumbs.db
2007-11-20 23:53 . 2007-11-20 23:55 <DIR> d-------- C:\ProcExp
2007-11-20 23:39 . 2007-12-05 11:51 <DIR> d-------- C:\HiJackThis
2007-11-20 21:31 . 2007-11-20 23:36 <DIR> d-------- C:\Program Files\HijackThis 1.99.1
2007-11-18 19:56 . 2007-12-02 08:37 139,402 --ahs---- C:\WINDOWS\system32\nqtss.ini2
2007-11-18 19:56 . 2007-12-02 08:39 137,233 --ahs---- C:\WINDOWS\system32\nqtss.ini
2007-11-14 02:49 . 2007-11-20 21:35 <DIR> d--hs---- C:\found.001
2007-11-05 14:24 . 2007-11-05 14:24 <DIR> d-------- C:\Program Files\ffdshow
2007-11-05 14:24 . 2006-10-02 13:44 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-11-05 14:24 . 2006-08-05 12:06 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2007-11-05 13:53 . 2007-11-05 13:53 <DIR> d-------- C:\WINDOWS\system32\quicktime
2007-11-05 13:53 . 2007-11-05 13:53 <DIR> d-------- C:\Program Files\MP4 Video Player
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 01:00 297,248 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-05 00:59 11,517,216 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-05 00:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-05 00:33 28,748 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-05 00:33 154,988 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-03 16:27 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2007-12-03 11:12 --------- d-----w C:\Program Files\Google
2007-12-01 21:57 --------- d-----w C:\Program Files\TuneUp Utilities 2004
2007-11-20 23:54 --------- d-----w C:\Program Files\mIRC
2007-11-20 14:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-14 08:32 --------- d-----w C:\Program Files\Vstplugins
2007-11-14 06:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-31 02:03 --------- d-----w C:\Program Files\Build-A-Lot
2007-10-29 14:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
2007-10-29 14:16 --------- d-----w C:\Program Files\Yahoo! Games
2007-10-29 05:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2007-10-24 15:10 --------- d-----w C:\Program Files\PokerRoom.com
2007-10-24 14:19 --------- d-----w C:\Program Files\iTunes
2007-10-24 14:19 --------- d-----w C:\Program Files\iPod
2007-10-24 06:18 --------- d-----w C:\Program Files\Soulseek
2007-10-24 03:38 --------- d-----w C:\Program Files\YourWare Solutions
2007-10-24 02:32 --------- d-----w C:\Program Files\SpeedFan
2007-10-23 10:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-20 11:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-10-16 06:04 --------- d-----w C:\Program Files\Native Instruments
2007-10-14 19:57 --------- d-----w C:\Program Files\uTorrent
2007-10-14 11:42 --------- d-----w C:\Documents and Settings\Owner\Application Data\Bytescout SWF To Video Scout
2007-10-14 11:31 --------- d-----w C:\Program Files\Bytescout SWF To Video Scout
2007-10-12 09:15 --------- d-----w C:\Program Files\SourceTec
2007-10-12 09:15 --------- d-----w C:\Program Files\Common Files\SourceTec
2007-10-11 01:01 --------- d-----w C:\Program Files\Lavasoft
2007-10-10 17:26 82,061 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-10-10 17:26 81,549 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-10-10 15:57 --------- d-----w C:\Program Files\MSBuild
2007-10-08 03:40 --------- d-----w C:\Program Files\Kaspersky Lab
2007-10-06 08:01 --------- d-----w C:\Program Files\MagicISO
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-16 07:06 86,823 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_09_16_15_42_14_small.dmp.zip
2007-09-16 07:06 80,820 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_09_16_15_43_39_small.dmp.zip
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-11 03:35 23,620,680 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_09_10_21_45_39_full.dmp.zip
2007-08-27 00:20 18,605,072 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_08_26_20_54_16_full.dmp.zip
2007-08-27 00:20 132,946 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_26_20_48_59_small.dmp.zip
2007-04-12 08:17 76,952 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_04_12_15_31_31_small.dmp.zip
2007-04-12 08:17 70,487 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_04_12_15_31_23_small.dmp.zip
2006-11-27 12:46 1,024 -c--a-w C:\Documents and Settings\CDRWIN3\Cdrwin.dat
2000-11-30 13:00 970,752 -c--a-w C:\Documents and Settings\CDRWIN3\Cdrwin.exe
2000-11-30 13:00 82,864 -c--a-w C:\Documents and Settings\CDRWIN3\Cleanup.exe
2007-08-20 01:00 88 --sha-r C:\WINDOWS\system32\CA05B2109A.sys
.
((((((((((((((((((((((((((((( snapshot@2007-12-05_11.27.45.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-05 00:06:43 67,220 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-05 00:38:31 67,220 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-05 00:06:43 430,496 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-05 00:38:31 430,496 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-12-05 00:02:35 14,090 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2007-12-05 00:34:32 14,090 ----a-w C:\WINDOWS\system32\tablet.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{162C6BC2-E852-4D45-B139-E8A6737F1054}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 23:00 C:\WINDOWS\system32\rundll32.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-05-19 23:36]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-07-04 07:17:35]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-08-29 11:40:23]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2005-05-12 08:33:09]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifggde]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdate]
C:\Program Files\Serials3k\s3k_autoupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SAVScan"=2 (0x2)
"ose"=3 (0x3)
"NNSvc"=2 (0x2)
"iPodService"=3 (0x3)
"Autodesk Licensing Service"=2 (0x2)
"Adobe LM Service"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
"PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
"USIUDF_Eject_Monitor"=C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
R0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys
R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys
R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\system32\ASNDIS5.SYS
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 LUsbKbd;Logitech SetPoint USB Keyboard Filter;C:\WINDOWS\system32\Drivers\LUsbKbd.Sys
R3 RegGuard;RegGuard;\??\C:\WINDOWS\system32\Drivers\regguard.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys
S3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys
S3 pohci13F;pohci13F;\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\pohci13F.sys
S3 z10xbus;Sony Ericsson driver (WDM);C:\WINDOWS\system32\DRIVERS\z10xbus.sys
S3 z10xmdfl;Sony Ericsson USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z10xmdfl.sys
S3 z10xmdm;Sony Ericsson USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z10xmdm.sys
S3 z10xmgmt;Sony Ericsson USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z10xmgmt.sys
S3 z10xobex;Sony Ericsson USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z10xobex.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{146758a5-6b94-11da-ba05-000fb5dccb6b}]
\Shell\AutoRun\command - I:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b3e76f6-de91-11db-bc6c-0011d83b2e9c}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b3e76f7-de91-11db-bc6c-0011d83b2e9c}]
\Shell\AutoRun\command - H:\MntDrCore.exe
\Shell\Open\command - H:\MntDrCore.exe
\Shell\Open With...\command - H:\MntDrCore.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2459e6c-7772-11db-bbca-0011d83b2e9c}]
\Shell\AutoRun\command - MntDrCore.exe
\Shell\Open\command - MntDrCore.exe
\Shell\Open With...\command - MntDrCore.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6c67fd5-33a7-11dc-bd07-0011d83b2e9c}]
\Shell\AutoRun\command - MntDrCore.exe
\Shell\Open\command - MntDrCore.exe
\Shell\Open With...\command - MntDrCore.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe9bb20f-7efa-11dc-bdaa-101111111111}]
\Shell\AutoRun\command - MntDrCore.exe
\Shell\Open\command - MntDrCore.exe
\Shell\Open With...\command - MntDrCore.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-30 06:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
"2007-12-05 00:40:00 C:\WINDOWS\Tasks\1button.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
"2007-11-21 11:56:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 12:00:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-05 12:01:52
C:\ComboFix2.txt ... 2007-12-05 11:28
.
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 12:06:49 PM, on 12/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daniweb.com/forums/thread97627-2.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {162C6BC2-E852-4D45-B139-E8A6737F1054} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2006\spy.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Bytescout SWF To Video Scout - {ED67D390-1DBC-4A3A-A92E-289D4729335B} - C:\Program Files\Bytescout SWF To Video Scout\flashextract.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iifggde - C:\WINDOWS\
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Bytescout SWF To Video Scout - {ED67D390-1DBC-4A3A-A92E-289D4729335B} - C:\Program Files\Bytescout SWF To Video Scout\flashextract.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iifggde - C:\WINDOWS\
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Uninstall List
Ableton Live v5.0.3
Active Security Monitor 2.0.0.18
Ad-Aware 2007
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Extension Manager CS3
Adobe Extension Manager CS3
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe Photoshop CS2
Adobe Reader 7.0.9
Adobe Setup
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Advanced WindowsCare 2.55 Personal
Apple Mobile Device Support
Apple Software Update
BlueSoleil
Build-a-lot (remove only)
Bytescout SWF To Video Scout
Corel Painter X
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
ERUNT 1.1j
e-tax 2007
EZ MPEG TO AVI Converter 1.00
ffdshow [rev 610] [2006-12-01]
GIGABYTE VGA Utility Manager
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
iTunes
Kaspersky Anti-Virus 7.0
Kaspersky Anti-Virus 7.0
Magic ISO Maker v5.4 (build 0251)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.9)
MP4 Video Player
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
N.I. Reaktor v5.1.1
Native Instruments Absynth 4
Native Instruments Electronic Instruments 2 XT
Native Instruments Massive
Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS
Nokia Connectivity Cable Driver
Nokia Lifeblog 2.1
Nokia Map Loader
Nokia MTP driver
Nokia PC Connectivity Solution
Nokia PC Suite
Nokia Software Launcher
Nokia Software Updater
Notepad++
NVIDIA Drivers
Open Video Converter version 3.0.3
Play89
QuickTime
RegRun Security Suite Pro
Rosoft Audio Recorder, Sponsored Edition, Release, 4.1.5
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB936509)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for Publisher 2007 (KB936646)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Sothink SWF Decompiler
Spybot - Search & Destroy
SpywareBlaster v3.5.1
SUPERAntiSpyware Free Edition
SWiSHmax
Symbian Developer Certificate Request
System Requirements Lab
Tablet
Uniblue RegistryBooster 2
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Outlook 2007 (KB933493)
Update for Outlook 2007 Junk Email Filter (kb943559)
Update for Windows XP (KB904942)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Word 2007 (KB934173)
VPN Client
Winamp (remove only)
Windows Communication Foundation
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Mail desktop
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation